Ransomware holds world hostage

Being infected with ransomware is incredible stressful. The victim will have a short window to figure out how to stop it, lose the data, or pay the ransom. Photo / Getty

If you are targeted by ransomware you'll have a matter of hours to unlock your computer, lose the data, or pay the fee. Attacks are on the rise and already affecting a large number of New Zealand business and personal users.

Ransomware is one of the most nerve-jangling types of cyber-attacks that can happen to a person or business.

A recent spate of attacks in New Zealand displayed a message from 'the police' on mobiles stating the victim had been found with child pornography and that if a $200 (ransom) wasn't paid, the message would be spread throughout the victims' address book.

Typically, ransomware attacks will encrypt or "lock" parts or the entirety of a system with a demand for money to have the locking software removed.

A recent report by the Institute for Critical Infrastructure Technology on ransomware stated "locker campaigns depend on inciting panicked irrational thought in victims." People's trust in law enforcement and panic in getting these screens can make them overlook logical certainties - for instance, no law enforcement agency would request a "fee" instead of arresting a person found with illicit, and (hopefully) the person had not been looking at illicit materials in the first place.

ICIT says 2016 will be the year ransomware "holds America hostage." Many of the attacks cited have already hit our shores.

One script called "Locky" hit the Whanganui DHB in February. Juha Saarinen wrote "[Locky] not only encrypts files locally, the malware also traverses folders and directories shared over a network and attempts to scramble data on those.

Although "Locky" runs on Windows, this "feature" means data stored on computers running Apple OS X and Linux that's shared over a network can be encrypted."

The DHB's information and communications technology manager Barry Morris said the threat was contained and no ransom paid. Others weren't so lucky; a Los Angeles hospital was forced to pay $17,000 in bitcoins just days earlier to retrieve their locked data.

Related Content

A number of readers have written in saying they've experienced ransomware breaches.

One plumber said his business was hit with ransomware just last week. While he had the threat removed with help from his IT provider, his machine was useless for three days leaving him unable to process invoices or quotations "which is a disaster nonetheless".

Other readers have said they have had a 'police' lockscreen appear on their browser, but have responded by switching the power off and deleting the browsing history.

Since ransomware attacks have a high success rate, they will increase. It's near impossible to prosecute the perpetrator as they're often based overseas. Even Apple software which has been virtually untouchable has now been hit with ransomware. The best way to avoid paying a ransom is to back up everything on a separate system e.g. a hard drive. That way, when a system is compromised, precious data will be safely stowed away elsewhere.

If you have been targeted by ransomware alert your IT team or provider and the authorities (it is a crime after all).

Typically mobile ransomware, such as the 'police' fine for 'illicit materials' will not unlock after paying the fee. If you find your phone locked, google how to boot it in safe mode and try to find the offending app. Do not feel afraid to contact your service provider or netsafe, they will be well aware of the ransomware software and can help to delete it. Complex attacks such as "Locky" aren't as easy to deal with.

If you don't have an IT team or security provider, you are doomed to exploitation. But, you could try to recover the files with a system backup, or failing that, locating the shadow files of the corrupted data or with a file recovery software tool. Many ransomware scripts (including "Locky") will target and delete shadow files and even detect file recovery software leaving you with two options:

Lose the data or pay the ransom.

If the price of the ransom is worth more than the data, cut your losses and consider it gone. If you decide to pay the ransom, google the script affecting you and try to make sure you will have your data unlocked after paying.

There's always a human element behind a ransomware attack, and if payment is the only option, try to negotiate the terms. Make sure by paying the ransom, you're encrypted data will be unlocked.